srijit92
Frequent Visitor
Topic Author
Posts: 84
Joined: Sun Jul 01, 2012 11:56 am
Location: India

NAT not working for Hotspot based VLANs

Thu Mar 31, 2016 8:39 pm

Hi,

I have a network where I have 3 VLANs running individual hotspots. The NAS is connected to an L2 switch for distribution.

On ether2
Vlan 101 - 192.168.1.0/24
Vlan 102 - 192.168.2.0/24
Vlan 103 - 192.168.3.0/24

On ether1 (WAN)
IP - 1.1.1.0/30

Public pool received from ISP - 2.2.2.0/24

I want the hotspot users to change from 192.168.X.X to the public IP after login. Generally, on a NAS without VLANs we would simply assign the first IP from the public pool, like 2.2.2.1 in this case, to the LAN-facing interface, and NATting would work like a charm.

But since VLANs are there I cannot assign the IP on the LAN interface (confirmed by checking). So whenever a user logs in, he is shown as active under hotspot but no page opens on his computer.
Where am I wrong?
 
pukkita
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: NAT not working for Hotspot based VLANs

Thu Mar 31, 2016 8:47 pm

I'm not sure I got what you want to do, if you're assigning public IPs, why natting?

However what (I think) you want to achieve can be done by creating a loopback interface (empty bridge) and assigning the public ip to it.

But no need for nat AFAIK...
 
srijit92
Frequent Visitor
Topic Author
Posts: 84
Joined: Sun Jul 01, 2012 11:56 am
Location: India

Re: NAT not working for Hotspot based VLANs

Fri Apr 01, 2016 5:32 am

> I'm not sure I got what you want to do, if you're assigning public IPs, why natting?
>
> However what (I think) you want to achieve can be done by creating a loopback interface (empty bridge) and assigning the public ip to it.
>
> But no need for nat AFAIK...

Thanks, I will try it and update. Actually I didn't exactly mean NAT. I have enough public IPs available. So basically I will create an empty bridge interface acting as a loopback interface and assign the first IPs of the available public IP pools on it. Right?
 
srijit92
Frequent Visitor
Topic Author
Posts: 84
Joined: Sun Jul 01, 2012 11:56 am
Location: India

Re: NAT not working for Hotspot based VLANs

Fri Apr 01, 2016 5:54 am

Tried the loopback setup. But it also produced the same results. Login OK but no internet.

Attached current configurations here - https://dl.dropboxusercontent.com/u/53681371/note.txt
 
pukkita
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: NAT not working for Hotspot based VLANs

Fri Apr 01, 2016 11:29 am

Is this the actual working configuration?

You aren't using DHCP for the HotSpot, how are clients supposed to get the gateway address?

AFAIK you need to create a DHCP server with the public IP pools, setting the proper gateway (45.121.110.129 and 45.121.109.1) for each DHCP network so that hotspot clients get a gateway address.
/interface bridge
add name=loopback0

/interface ethernet
set [ find default-name=ether1 ] name=ether4-WAN
set [ find default-name=ether2 ] name=ether5-LAN

/interface vlan
add interface=ether5-LAN name=Balipur-101 vlan-id=101
add interface=ether5-LAN name=Deogarh-106 vlan-id=106
add interface=ether5-LAN name=Dhubulia-103 vlan-id=103
add interface=ether5-LAN name=Nabadwip-104 vlan-id=104
add interface=ether5-LAN name=Sahebganj-102 vlan-id=102
add interface=ether5-LAN name=Shyampur-105 vlan-id=105

/ip address
add address=103.41.28.46/30 interface=ether4-WAN network=103.41.28.44
add address=172.17.24.1/24 interface=Nabadwip-104 network=172.17.24.0
add address=172.17.27.1/24 interface=Deogarh-106 network=172.17.27.0
add address=172.17.28.1/24 interface=Sahebganj-102 network=172.17.28.0
add address=172.17.31.1/24 interface=Balipur-101 network=172.17.31.0
add address=172.17.29.1/24 interface=Shyampur-105 network=172.17.29.0
add address=172.17.25.1/24 interface=Dhubulia-103 network=172.17.25.0
add address=172.17.26.1/24 interface=Dhubulia-103 network=172.17.26.0
add address=10.254.254.1/30 disabled=yes interface=ether5-LAN network=\
    10.254.254.0
add address=45.121.110.129/25 interface=loopback0 network=45.121.110.128
add address=45.121.109.1/24 interface=loopback0 network=45.121.109.0

/ip route
add check-gateway=ping distance=1 gateway=103.41.28.45
add disabled=yes distance=1 dst-address=172.17.28.0/24 gateway=10.254.254.2
add disabled=yes distance=1 dst-address=172.17.31.0/24 gateway=10.254.254.2

/ip pool
add name=Default ranges=\
    45.121.109.2-45.121.109.254,45.121.110.130-45.121.110.254
add name=zones ranges=172.17.31.0/24

/ip hotspot
add disabled=no idle-timeout=none interface=Balipur-101 name=Balipur
add disabled=no idle-timeout=none interface=Dhubulia-103 name=Dhubulia
add disabled=no idle-timeout=none interface=Nabadwip-104 name=Nabadwip
add disabled=no idle-timeout=none interface=Sahebganj-102 name=Sahebganj
add disabled=no idle-timeout=none interface=Shyampur-105 name=Shyampur
add disabled=no idle-timeout=none interface=Deogarh-106 name=Deogarh

/ip hotspot profile
set [ find default=yes ] dns-name=speednet.com html-directory=speednet_sb \
    login-by=http-chap,http-pap use-radius=yes

/ip hotspot
add address-pool=zones idle-timeout=none interface=ether5-LAN name=server1

/ppp profile
set *0 dns-server=8.8.8.8,4.2.2.2 local-address=103.41.28.46 remote-address=\
    Default

# >>>>>>>> These are all the firewall rules??? <<<<<<<<<<<
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add chain=forward src-address=172.17.28.0/24

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
 
srijit92
Frequent Visitor
Topic Author
Posts: 84
Joined: Sun Jul 01, 2012 11:56 am
Location: India

Re: NAT not working for Hotspot based VLANs

Fri Apr 01, 2016 1:01 pm

We are using static private IP addressing here for customers. After they log in successfully, they will be provided a public IP.
 
pukkita
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: NAT not working for Hotspot based VLANs

Fri Apr 01, 2016 4:29 pm

How do they set their gateway? Manually?
 
srijit92
Frequent Visitor
Topic Author
Posts: 84
Joined: Sun Jul 01, 2012 11:56 am
Location: India

Re: NAT not working for Hotspot based VLANs

Fri Apr 01, 2016 4:46 pm

Yes static.
 
pukkita
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: NAT not working for Hotspot based VLANs

Fri Apr 01, 2016 5:13 pm

Do they ping to the loopback ip addresses?
 
srijit92
Frequent Visitor
Topic Author
Posts: 84
Joined: Sun Jul 01, 2012 11:56 am
Location: India

Re: NAT not working for Hotspot based VLANs

Fri Apr 01, 2016 6:05 pm

Yes. Can ping loopback.
 
pukkita
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: NAT not working for Hotspot based VLANs

Fri Apr 01, 2016 9:06 pm

I am afraid yours is kind of a messy and non-practical setup (from a management standpoint). I wouldn't use hotspot but PPPoE; lots of advantages: saving public IPs, neater setup, control over remote clients...

I think right now the problem is the router doesn't know how to reach the public IPs from its side. Can you ping from the router to the static addresses?

Is there any specific reason to use hotspot in your scenario?
 
srijit92
Frequent Visitor
Topic Author
Posts: 84
Joined: Sun Jul 01, 2012 11:56 am
Location: India

Re: NAT not working for Hotspot based VLANs

Fri Apr 01, 2016 9:10 pm

Yes, planning to migrate to PPPoE. Using hotspot for company branding and giving some info to users like maintenance etc.
Also hotspot for auto login via MAC.
 
pukkita
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: NAT not working for Hotspot based VLANs

Sat Apr 02, 2016 10:48 am

You can also "intercept" users' HTTP traffic and redirect it to a web server to provide info, maintenance warnings, etc. while using PPPoE, by using IP > firewall > nat.

Regarding its status, if you use user-manager, you can provide credits and usage info too: http://wiki.mikrotik.com/wiki/User_Manager/User_page

Back to your actual setup, I'm puzzled clients can ping the loopback but not reach the internet.

What DNS are they using? Can they ping 8.8.8.8 but not www.google.com?

Do they appear on IP > hotspot > Hosts or Active tabs?

Are those all your IP > firewall > filter rules? Your router is wide open!
 
srijit92
Frequent Visitor
Topic Author
Posts: 84
Joined: Sun Jul 01, 2012 11:56 am
Location: India

Re: NAT not working for Hotspot based VLANs

Sat Apr 09, 2016 6:08 pm

> You can also "intercept" users' HTTP traffic and redirect it to a web server to provide info, maintenance warnings, etc. while using PPPoE, by using IP > firewall > nat.
>
> Regarding its status, if you use user-manager, you can provide credits and usage info too: http://wiki.mikrotik.com/wiki/User_Manager/User_page
>
> Back to your actual setup, I'm puzzled clients can ping the loopback but not reach the internet.
>
> What DNS are they using? Can they ping 8.8.8.8 but not http://www.google.com?
>
> Do they appear on IP > hotspot > Hosts or Active tabs?
>
> Are those all your IP > firewall > filter rules? Your router is wide open!

No, they cannot ping 8.8.8.8 after login...
Yes, they appear on active hosts after login.
There are some communication issues with the public IPs after client login.
This is not a production setup, so minimal filter rules.
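
The "wide open" observation earlier in the thread can be checked mechanically from a RouterOS export. The following is an added example, not part of any post in this thread and not MikroTik tooling: it parses the `/ip firewall filter` section and reports chains that contain no drop or reject rule. The sample text is constructed from the filter section posted above, and the function names `parse_section` and `audit_filter` are hypothetical.

```python
import shlex

# Constructed sample: the filter section as posted in the thread, preceded by
# one other section so the parser has something to skip.
EXPORT = r'''
/ip address
add address=103.41.28.46/30 interface=ether4-WAN network=103.41.28.44
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add chain=forward src-address=172.17.28.0/24
'''

def parse_section(export, section):
    """Return the 'add' entries of one export section as key/value dicts."""
    joined = export.replace("\\\n", " ")  # undo the export's line continuations
    rules, current = [], None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = line  # a new section header such as "/ip firewall filter"
        elif current == section and line.startswith("add "):
            tokens = shlex.split(line[4:])  # keeps quoted comments in one token
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def audit_filter(export):
    """Flag chains that never drop or reject; unmatched packets are accepted."""
    rules = [r for r in parse_section(export, "/ip firewall filter")
             if r.get("disabled") != "yes"]
    findings = []
    for chain in ("input", "forward"):
        active = [r for r in rules if r.get("chain") == chain]
        # A rule with no action= is an accept rule, so it never counts as blocking.
        blocking = [r for r in active if r.get("action") in ("drop", "reject")]
        if not blocking:
            findings.append(f"{chain}: {len(active)} active rule(s), none drop or reject")
    return findings

if __name__ == "__main__":
    for finding in audit_filter(EXPORT):
        print(finding)
```

On the posted configuration both chains are reported: the input chain has no rules at all, so the router's own services are reachable from every interface, including ether4-WAN.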
